Extended the openssl compatibility layer a bit.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@154 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
2025-06-12 01:53:07 +03:00 · 2009-01-30 12:35:07 +00:00
parent 86f2e470e0
commit 1b9a2cad7b
4 changed files with 120 additions and 21 deletions
--- a/ssl/openssl.c
+++ b/ssl/openssl.c
@ -46,6 +46,8 @@

 #define OPENSSL_CTX_ATTR  ((OPENSSL_CTX *)ssl_ctx->bonus_attr)

+static char *key_password = NULL;
+
 void *SSLv23_server_method(void) { return NULL; }
 void *SSLv3_server_method(void) { return NULL; }
 void *TLSv1_server_method(void) { return NULL; }
@ -155,7 +157,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type)

 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type)
 {
-    return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, NULL) == SSL_OK);
+    return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, key_password) == SSL_OK);
 }

 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
@ -164,13 +166,109 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
                        SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
 }

-#if 0
-const uint8_t *SSL_get_session(const SSL *ssl)
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                            unsigned int sid_ctx_len)
 {
-    /* TODO: return SSL_SESSION type */
-    return ssl_get_session_id(ssl);
+    return 1;
 }
-#endif
+
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+    return 1;
+}
+
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ssl_ctx, const char *file)
+{
+    return (ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
+}
+
+int SSL_shutdown(SSL *ssl)
+{
+    return 1;
+}
+
+/*** get/set session ***/
+SSL_SESSION *SSL_get1_session(SSL *ssl)
+{
+    return (SSL_SESSION *)ssl_get_session_id(ssl); /* note: wrong cast */
+}
+
+int SSL_set_session(SSL *ssl, SSL_SESSION *session)
+{
+    memcpy(ssl->session_id, (uint8_t *)session, SSL_SESSION_ID_SIZE);
+    return 1;
+}
+
+void SSL_SESSION_free(SSL_SESSION *session) { }
+/*** end get/set session ***/
+
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    return 0;
+}
+
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+                                 int (*verify_callback)(int, void *)) { }
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) { }
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                           const char *CApath)
+{
+    return 1;
+}
+
+void *SSL_load_client_CA_file(const char *file)
+{
+    return (void *)file;
+}
+
+void SSL_CTX_set_client_CA_list(SSL_CTX *ssl_ctx, void *file) 
+{ 
+
+    ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, (const char *)file, NULL);
+}
+
+void SSLv23_method(void) { }
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, void *cb) { }
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 
+{ 
+    key_password = (char *)u;
+}
+
+int SSL_peek(SSL *ssl, void *buf, int num)
+{
+    memcpy(buf, ssl->bm_data, num);
+    return num;
+}
+
+void SSL_set_bio(SSL *ssl, void *rbio, void *wbio) { }
+
+long SSL_get_verify_result(const SSL *ssl)
+{
+    return ssl_handshake_status(ssl);
+}
+
+int SSL_state(SSL *ssl)
+{
+    return 0x03; // ok state
+}
+
+/** end of could do better list */
+
+void *SSL_get_peer_certificate(const SSL *ssl)
+{
+    return &ssl->ssl_ctx->certs[0];
+}
+
+int SSL_clear(SSL *ssl)
+{
+    return 1;
+}
+

 int SSL_CTX_check_private_key(const SSL_CTX *ctx)
 {
@ -192,6 +290,7 @@ void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {}
 int SSL_library_init(void ) { return 1; }
 void SSL_load_error_strings(void ) {}
 void ERR_print_errors_fp(FILE *fp) {}
+
 #ifndef CONFIG_SSL_SKELETON_MODE
 long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) { 
                            return CONFIG_SSL_EXPIRY_TIME*3600; }
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@ -60,7 +60,7 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol);
 const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
 { SSL_RC4_128_SHA };
 #else
-static void session_free(SSL_SESS *ssl_sessions[], int sess_index);
+static void session_free(SSL_SESSION *ssl_sessions[], int sess_index);

 const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
 #ifdef CONFIG_SSL_PROT_LOW                  /* low security, fast speed */
@ -181,8 +181,8 @@ EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
 #ifndef CONFIG_SSL_SKELETON_MODE
    if (num_sessions)
    {
-        ssl_ctx->ssl_sessions = (SSL_SESS **)
-                        calloc(1, num_sessions*sizeof(SSL_SESS *));
+        ssl_ctx->ssl_sessions = (SSL_SESSION **)
+                        calloc(1, num_sessions*sizeof(SSL_SESSION *));
    }
 #endif

@ -1518,12 +1518,12 @@ void disposable_free(SSL *ssl)
 * Find if an existing session has the same session id. If so, use the
 * master secret from this session for session resumption.
 */
-SSL_SESS *ssl_session_update(int max_sessions, SSL_SESS *ssl_sessions[], 
+SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[], 
        SSL *ssl, const uint8_t *session_id)
 {
    time_t tm = time(NULL);
    time_t oldest_sess_time = tm;
-    SSL_SESS *oldest_sess = NULL;
+    SSL_SESSION *oldest_sess = NULL;
    int i;

    /* no sessions? Then bail */
@ -1566,7 +1566,7 @@ SSL_SESS *ssl_session_update(int max_sessions, SSL_SESS *ssl_sessions[],
        if (ssl_sessions[i] == NULL)
        {
            /* perfect, this will do */
-            ssl_sessions[i] = (SSL_SESS *)calloc(1, sizeof(SSL_SESS));
+            ssl_sessions[i] = (SSL_SESSION *)calloc(1, sizeof(SSL_SESSION));
            ssl_sessions[i]->conn_time = tm;
            ssl->session_index = i;
            SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
@ -1592,7 +1592,7 @@ SSL_SESS *ssl_session_update(int max_sessions, SSL_SESS *ssl_sessions[],
 /**
 * Free an existing session.
 */
-static void session_free(SSL_SESS *ssl_sessions[], int sess_index)
+static void session_free(SSL_SESSION *ssl_sessions[], int sess_index)
 {
    if (ssl_sessions[sess_index])
    {
@ -1604,7 +1604,7 @@ static void session_free(SSL_SESS *ssl_sessions[], int sess_index)
 /**
 * This ssl object doesn't want this session anymore.
 */
-void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl)
+void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl)
 {
    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);

--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@ -132,7 +132,7 @@ typedef struct
    time_t conn_time;
    uint8_t session_id[SSL_SESSION_ID_SIZE];
    uint8_t master_secret[SSL_SECRET_SIZE];
-} SSL_SESS;
+} SSL_SESSION;

 typedef struct
 {
@ -176,7 +176,7 @@ struct _SSL
    struct _SSL_CTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
 #ifndef CONFIG_SSL_SKELETON_MODE
    uint16_t session_index;
-    SSL_SESS *session;
+    SSL_SESSION *session;
 #endif
 #ifdef CONFIG_SSL_CERT_VERIFICATION
    X509_CTX *x509_ctx;
@ -205,7 +205,7 @@ struct _SSL_CTX
    SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
 #ifndef CONFIG_SSL_SKELETON_MODE
    uint16_t num_sessions;
-    SSL_SESS **ssl_sessions;
+    SSL_SESSION **ssl_sessions;
 #endif
 #ifdef CONFIG_SSL_CTX_MUTEXING
    SSL_CTX_MUTEX_TYPE mutex;
@ -277,10 +277,10 @@ void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros
 int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
 #endif

-SSL_SESS *ssl_session_update(int max_sessions, 
-        SSL_SESS *ssl_sessions[], SSL *ssl,
+SSL_SESSION *ssl_session_update(int max_sessions, 
+        SSL_SESSION *ssl_sessions[], SSL *ssl,
        const uint8_t *session_id);
-void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl);
+void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);

 #ifdef __cplusplus
 }